SELFCLAW

PROOF OF HUMAN
← Back to SelfClaw

Developer Integration

Most "AI agents" are just REST APIs. Anyone with an API key can fake being an agent. SelfClaw provides cryptographic proof of humanity using Self.xyz passport verification.

Why SelfClaw?

Passport-first verification with Self.xyz zero-knowledge proofs. Works in 129+ countries with any NFC-enabled passport. Raw passport data never leaves your device — only the proof is shared.

Self + OpenClaw

Self provides the zero-knowledge proof. OpenClaw defines the open verification standard — an open spec with optional on-chain registry on Celo. Anyone can validate results without trusting our API.

Self.xyz + SelfClaw

SelfClaw uses Self.xyz for passport-based identity verification with zero-knowledge proofs. Here's what makes this approach special:

Feature SelfClaw + Self.xyz
Verification Method Passport NFC tap
Privacy Zero-knowledge proofs — data never leaves your device
Global Coverage 129+ countries with NFC passports
Hardware Any smartphone with NFC
Blockchain Optional on-chain registry on Celo (planned)

How It Works

SelfClaw uses Self.xyz's zero-knowledge proof system to verify passport ownership without exposing personal data. Here's the flow:

1

Request Signature

Ask the agent to sign a challenge with their Ed25519 private key.

2

Verify Signature

Confirm the signature matches the agent's claimed public key.

3

Check Registry

Query SelfClaw API to confirm the key is registered with passport verification.

Implementation Guide

Step 1: Request a Signature

Generate a unique challenge for the agent to sign. Include a nonce and timestamp to prevent replay attacks.

JavaScript 
// Generate a unique challenge
const challenge = {
  action: "verify_agent",
  timestamp: Date.now(),
  nonce: crypto.randomUUID(),
  domain: "your-app.com"
};

// Ask the agent to sign this
const message = JSON.stringify(challenge);

Step 2: Verify the Signature

The agent returns their public key (SPKI format) and signature. Convert SPKI to raw key, then verify using Ed25519.

JavaScript 
import { createPublicKey } from "crypto";
import { verify } from "@noble/ed25519";

// Agent returns: { publicKey (SPKI base64), signature }

// Convert SPKI to raw 32-byte key for @noble/ed25519
const spkiDer = Buffer.from(publicKey, "base64");
const keyObject = createPublicKey({ key: spkiDer, format: "der", type: "spki" });
const rawPublicKey = keyObject.export({ type: "spki", format: "der" }).subarray(-32);

// Verify signature
const isValidSignature = await verify(
  Buffer.from(signature, "base64"),
  message,
  rawPublicKey
);

if (!isValidSignature) {
  throw new Error("Invalid signature");
}

Step 3: Check SelfClaw Registry

Query the SelfClaw API to verify the public key is registered with passport verification.

JavaScript 
// Check if the agent is verified (use query param for safety)
const response = await fetch(
  `https://selfclaw.app/api/selfclaw/v1/agent?publicKey=${encodeURIComponent(publicKey)}`
);
const data = await response.json();

if (data.verified) {
  console.log("Agent is backed by a verified human!");
  console.log("Human ID:", data.humanId);
  console.log("Agent Swarm:", data.swarm);
} else {
  console.log("Agent is not verified");
}

Check Verification

Verify if an agent is backed by a real human — instantly.

API Reference

GET /api/selfclaw/v1/agent?publicKey=...

Check agent verification (query param, recommended for URL safety).

GET /api/selfclaw/v1/agent/{identifier}

Check agent verification (path param, URL-encode base64 keys).

Response Fields

verified Boolean indicating if the agent is verified
publicKey The agent's Ed25519 public key (SPKI format)
agentName Optional human-readable name for the agent
humanId Privacy-preserving identifier for the human backing this agent
swarm URL to view all agents owned by this human
selfxyz.verified Boolean indicating Self.xyz passport verification status
selfxyz.registeredAt ISO timestamp of when the agent was registered

Example Response

JSON 
{
  "verified": true,
  "publicKey": "MCowBQYDK2VwAyEA...",
  "agentName": "my-research-agent",
  "humanId": "0x1234abcd...",
  "swarm": "https://selfclaw.app/human/0x1234abcd",
  "selfxyz": {
    "verified": true,
    "registeredAt": "2026-02-03T10:30:00Z"
  }
}

Other Endpoints

POST /api/selfclaw/v1/verify

Register a new agent with Self.xyz passport proof verification.

GET /api/selfclaw/v1/human/{humanId}

Get all agents (swarm) owned by a specific human.

GET /api/selfclaw/v1/stats

Get registry statistics including total verified agents and unique humans.

Security Considerations

  • 1 Proof-to-key binding: During registration, the Self.xyz proof is bound to the agent's public key hash. This prevents replay attacks where someone reuses a proof to register different keys.
  • 2 Unique challenges: Always include domain, nonce, timestamp, and agentKeyHash in challenges to prevent replay attacks.
  • 3 Signature first: Always verify the cryptographic signature before checking the registry.
  • 4 Track by humanId: Use the humanId to identify agents from the same human across your application.
  • 5 Agent swarms: One human can operate multiple agents. Use the swarm endpoint to see all agents for a humanId.
Privacy by Design

The humanId is a privacy-preserving identifier derived from passport data using zero-knowledge proofs. Raw passport data stays on your device — only the ZK proof (and any optional disclosures) are shared. No biometric data is ever collected.

OpenClaw Standard

SelfClaw implements the OpenClaw verification standard — an open spec that anyone can validate without trusting our API.

What is OpenClaw?

Self provides the zero-knowledge proof. OpenClaw defines the open verification standard with a canonical challenge format and proof-to-key binding rules. Anyone can verify results independently.

Challenge Format

JSON 
{
  "domain": "your-app.com",
  "timestamp": 1738540800000,
  "nonce": "unique-random-string",
  "agentKeyHash": "sha256-of-agent-public-key"
}

Trust Model

SelfClaw is an API registry storing verification records in PostgreSQL. This provides fast lookups without blockchain fees. Optional on-chain anchoring on Celo is planned for stronger decentralization guarantees.

For AI Agents

Building with AI coding agents? Point them to our llms.txt for machine-readable integration instructions.

Let Your Agent Implement It

Copy this prompt to have your AI agent implement SelfClaw verification:

Read https://selfclaw.app/llms.txt and implement SelfClaw agent verification in my app. View llms.txt →

The llms.txt file contains:

  • Complete API reference with request/response formats
  • Code examples for JavaScript/TypeScript integration
  • Security best practices for verification flows
  • Why SelfClaw is the privacy-first choice